Thursday, June 30, 2005

From Spyblog:

We have been asking the Government to clarify exactly what it means by the terms "fingerprint biometrics" with respect to the proposed compulsory National Biometric Identity Card / centralised Database scheme. Instead of publishing a full technical architecture of what exactly they intend to create, which would have no adverse impact on any commercial procurement process, they just keep dribbling out crumbs of information, apparently as an afterthought:

"Mr. Austin Mitchell: To ask the Secretary of State for the Home Department how many digits he expects to be printed on identity cards; and what information he has collated on the number of digits required on passports and identity cards by other countries. [6164]

28 Jun 2005 : Column 1452W

Andy Burnham: No fingerprints will be printed on the face of the identity card. Biometric information, including under current plans 10 fingerprints, will be held securely on the National Identity Register. Some of the fingerprint data could be held in an encrypted form on the card chip. All the Schengen states will be required to use biometrics in passports under Council Regulation 2252/2004. Fingerprint biometrics (rather than just fingerprints) will be introduced within three years of adoption. Non-Schengen states may choose to follow the requirements, although they would not be bound by the timetable. Other EU member states which issue identity cards are considering introducing biometrics to increase security and some, for example Greece, Italy, Portugal and Spain, already collect one or more fingerprints as part of their national identity card schemes. Among non-EU states, Hong Kong and the Philippines currently include fingerprint information on their identity card schemes."

Does

"Biometric information, including under current plans 10 fingerprints, will be held securely on the National Identity Register. Some of the fingerprint data could be held in an encrypted form on the card chip"

mean that the full fingerprint image scans are going to be stored on the National Identity Register, rather than any biometric secure hashes or template minutiae (an encoding of the ridges and intersections of the fingerprint pattern) i.e. the most useful data to both police investigators and to identity thieves will be stored centrally and have to be sent securely over the network infrastructure ?

There is no assurance that any of the fingerprint data will be held on the central National Identity Register in "encrypted form".

What does Andy Burnham mean about "some of the fingerprint data" with respect to the actual ID Card itself ? Does this mean template minutiae of all ten digits or does it mean full digital scan images of, say, two fingers ?

We find it hard to believe that the Smart Cards being considered for the ID Card scheme will have enough tamper resistant memory capacity to store the raw fingerprint image scans.

It is certain that the ICAO standard Biometric passport chips (64 Kilobytes of memory in total) will not have enough tamper resistant memory space.

The current National Automated Fingerprint Identification System (NAFIS) for Criminal Records also uses 10 fingerprints and both palm prints (if you have them all), so you can see just how skewed the ID card scheme is towards treating us all as criminals, rather than as innocent citizens, and how far removed the system is from being an individual citizen centric, purely identification card, and instead is really a tool for mass surveillance by the state.

We fully support Dr. Brian Gladman's analysis of past abuses of the fingerprint system by the Police, and his fears for similar abuses of the ID card scheme.

If four fingerprints are what the National Physical Laboratory / BT study suggested were needed for reasonably accurate identity verification purposes, and if even the US-VISIT system only uses two fingerprints for border control purposes, then surely the taking and indefinite storage of ten fingerprints of millions of innocent people must be considered to be disproportionate under the Data Protection Act ?

"I argue that the ID card system is in fact a bulwark against the surveillance or Big Brother society, and not a further contribution to it."

Is it terrorists, serious organised criminals, illegal immigrants, benefit fraudsters or "identity thieves" (the presumed statutory targets of the Identity Cards Bill) who are setting up multi-billion pound technological mass surveillance infrastructures, or is it the NuLabour Government which is planning to do so ?
